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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
September 13, 2010 has been entered. 

Claims 1, 7, 9-14, 16, 20-25, 27, 31-36, and 53-57 are pending and herein 
considered. 

Response to Arguments 

Applicant's arguments with respect to claims 1, 7, 9-14, 16, 20-25, 27, 31-36, and 
53-57 have been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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Claims 1, 7, 9-14, 16, 20-25, 27, 31-36, and 53-57 are rejected under 35 
U.S.C. 102(e) as being anticipated by Win etal., US 6,161,139, filed 02/12/1999. 

As per claim 1, Win teaches a method comprising: 

associating each workflow of a plurality of workflows with a corresponding 
domain of a plurality of domains in an identity system, each domain of said plurality of 
domains comprising one or more entities and each workflow of said plurality of 
workflows (Win, col. 17, lines 35-44; displaying task for modifying user profile and 
selecting "modifying" function) using a difference predefined set of steps to perform 
certificate related action wherein each workflow in said plurality of workflows 
corresponds to a different set of characteristics for a user, wherein the first workflow 
contains a first set of steps and a second workflow in said plurality of workflows 
contains a second set of steps wherein said first set of steps is different from said 
second set of steps, wherein said first workflow calls for obtaining an approval before 
performing a certificate related action for users having a first user type (Win, col. 12, 
line 65 -col. 13, line 11; col. 13, lines 58-60; modifying user profile, said user profile 
comprising information for determining access rights to resources), and herein said 
second workflow does not call for obtaining an approval before performing a certificate 
related action for users having a second user type (Win, col. 13, lines 58-60; col. 15, 
lines 15-27 "associating user types with users"); 

receiving at the Identity System a request for a first certificate related action for a 
first user wherein the certificate related action is selected from a group consisting of a 
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certificate enrollment action, a certificate renewal action, and a certificate revocation 
action (Win, col. 12, line 65 -col. 13, line 11; col. 16, TABLE 1; administrator requests 
for creating/modifying user profile); 

determining from said plurality of domains, a domain that includes said user; 

determining from said plurality of workflows, one or more workflows associated 
with said domain and capable of performing said certificate related action (Win, col. 17, 
lines 35-44; displaying task for modifying user profile and selecting "modifying" 
function); 

retrieving by the Identity System from said one or more workflows associated 
with said domain a first workflow for responding to said request wherein retrieving the 
first workflow comprises selecting the first workflow from the one or more workflows 
associated with said domain based on the first certificate related action and a user 
type of the first user from a set of characteristics for the first user from an identity 
profile for the first user maintained by the Identity System being the first user type and 
wherein the request includes an identification of said identity profile for the first user 
(Win, col. 13, lines 58-60; TABLE 1); 

performing said first workflow, wherein performing said first workflow comprises 
executing said predefined set of steps of said first workflow to perform said certificate 
relates action (Win, col. 13, lines 58-60; "Creating profiles involves associating roles with 
resources and users, as well as associating user types with users") including retrieving 
an approval response from an entity associated with the first user and identified in the 
identity profile for the first user and obtaining a certificate and a real time status for the 
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certificate from a certificate authority based on the approval response (Win, col. 12, line 
65 -col. 13, line 11; col. 13, lines 58-60; modifying user profile, said user profile 
comprising information for determining access rights to resources); and 

storing the certificate and said real time status in the Identity system, wherein the 

certificate authority is external to the Identity system (Win, col.4 lines 29-45 "Registry 

Server"). 

As per claim 7, Win discloses receiving said plurality of workflows (Win, col. 17, 
lines 35-44; displaying task for modifying user profile and selecting "modifying" 
function). 

As per claim 9, Win discloses 

receiving at the identity system a second request for a second certificate related 
action for a second user wherein the second certificate related action is selected from a 
group consisting of a certificate enrollment action, a certificate renewal action, and a 
certificate revocation action, determining by the Identity System from said plurality of 
domains a domain that includes said second user, determining by the Identity System 
from said plurality of workflows, one or more workflows associated with said domain that 
includes said second user and capable of performing said second certificate related 
action; retrieving by the Identity System from said one or more workflows associated 
with said domain that includes the second user a second workflow for responding to 
said second request wherein retrieving the second workflow further comprises selecting 
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the second workflow from the one or more workflows associated with said domain that 
includes said second user based on the second certificate related action and a user 
type of the second user from a set of characteristics for the second user from an identity 
profile for the second user maintained by the Identity System being the second user 
type and wherein the second request includes an identification of said identity profile for 
the second user and performing said second workflow wherein performing said second 
workflow comprises executing said predefined set of steps of said second workflow to 
perform said certificate relates action including obtaining a second certificate without 
retrieving an approval response (Win col.4 lines 1 1-45 teaches multiple users, networks, 
and servers organized in such a manner that security is maintained while providing 
access to authorized users to resources). 

As per claim 10, Win disclose wherein said first certificate related action is a 
certificate enrollment action and said second certificate related action is a certificate 
enrollment action (Win col. 10 lines 27-63 cookie). 

As per claim 11, Win discloses wherein said first certificate related action is a 
certificate renewal action and said second certificate related action is a certificate 
renewal action (Win col. 10 lines 27-63 cookie). 

As per claim 12, Win discloses performing said first workflow, wherein said first 
certificate related action is a certificate enrollment action and wherein performing said 
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first workflow comprises obtaining a certificate, wherein obtaining the certificate 
comprises authenticating said first user, forwarding said request to a Certificate 
Processing Server, receiving said certificate, and storing said certificate (col. 5 line 65 - 
col.6 line 9; col.6 lines 20-33; col. 10 lines 27-63 cookie). 

As per claim 13, Win discloses performing said first workflow, wherein said 
certificate related action is a certificate renewal action and wherein performing said first 
workflow comprises obtaining a certificate renewal, wherein obtaining the certificate 
renewal comprises authenticating said first user, forwarding said request to a Certificate 
Processing Server, and receiving a certificate renewal acknowledgement (col. 5 line 65 - 
col.6 line 9; col.6 lines 20-33; col. 10 lines 27-63 cookie). 

As per claim 14, Win discloses performing said first workflow, wherein said 
certificate related action is a certificate revocation action and wherein performing said 
first workflow comprises revoking a certificate, wherein revoking the certificate 
comprises authenticating said first user, and forwarding said request to a Certificate 
Processing Server (col. 5 line 65 - col.6 line 9; col.6 lines 20-33; col. 10 lines 27-63 
"cookie expiration timers"). 

Claim 16 is directed towards a system's implementation of the method of claim 1 
and is rejected by similar rationale. 
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Claim 20 is directed towards a system's implementation of the method of claim 7 
and is rejected by similar rationale. 

Claims 21 and 22 are directed towards a system's implementation of the method 
of claims 9 and 10 and are rejected by similar rationale. 

Claims 23-25 are directed towards a system's implementation of the method of 
claims 12-14 and are rejected by similar rationale. 

Claim 27 is directed towards an apparatus' implementation of the method of 
claim 1 and is rejected by similar rationale. 

Claim 31 is directed towards an apparatus' implementation of the method of 
claim 7 and is rejected by similar rationale. 

Claims 32 and 33 are directed towards an apparatus' implementation of the 
method of claims 9 and 10 and are rejected by similar rationale. 

Claims 34-36 are directed towards an apparatus' implementation of the method 
of claims 12-14 and are rejected by similar rationale. 
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As per claim 53, Win discloses applying a Lightweight Directory Access protocol 
(LDAP) filter to attributes of the identity profile for the first user (Win col.1 2 lines 30-42). 

As per claim 54, Win discloses wherein the entity associated with the first user 
comprises a third user (Win col.4 lines 1 1-45 teaches multiple users, networks, and 
servers organized in such a manner that security is maintained while providing access 
to authorized users to resources; col. 5 lines 1-35 "roles" and the relationships 
therebetween). 

As per claim 55, Win discloses storing validation information for said certificate in 
the Identity System, wherein said validation information includes an identifier of a time 
said real time status was retrieved and a validation interval for said real time status; 
receiving at the Identity System a request to export the certificate; determining with the 
Identity System whether to check a status for said certificate, wherein determining 
whether to check the status for the certificate comprises querying a parameter field in 
the Identity System; and in response to determining to check the status for said 
certificate, determining with the Identity System whether to check the status for the 
certificate in real time comprises querying a parameter field in the Identity System (Win 
col. 10 lines 50-62 "expiration timer"). 

Claim 56 is directed towards a system's implementation of the method of claim 
55 and is rejected by similar rationale. 
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Claim 57 is directed towards an apparatus' implementation of the method of 
claim 55 and is rejected by similar rationale. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 

272- 4241 . The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Tamara Teslovich/ 
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Examiner, Art Unit 2437 
/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



